This is a must read post for the beginners and newbies who have just started exploring hacking and for laymen who aren't interested in learning hacking but needs somebody's account password anyhow. I want you to aware about common misconceptions regarding Email/Social Networking Sites accounts hacking.
Otherwise those thoughts/misconceptions can seriously put you in trouble.
We usually start like googling this, "how to hack gmail" , "
softwares for hacking orkut","how to hack facebook" etc
but unfortunately reach some malicious websites,
follow stupid instructions and our own accounts get compromised.
Yes I wasn't any different and had been a foolish when I was a beginner
Okay talking in general ,
suppose you just have signed up for an account(gmail,yahoo or any other reputed website)
Your password is stored only at two places
1. In website's database
2. In your mind
(Dont say a stupid thing that it is also saved in a text file on your
PC or in your girlfriend's mind etc)
Fetching your credentials (Id/password) from website's database is almost impossible.
They are paynig million of dollars for securing their systems.
Here I should remind you that, I am talking only about the reputed companies like microsoft,google,facebook etc.
Hard Core hackers might get success in compromising their systems.
Now talking about your mind, its might be really very simple to do this. Shocked ?
At this ponit,
I must say that hacking an email account depends strongly on carelessness/foolishness of victim.
FAQs or misconceptions regarding the same:-
Does any free/paid software/program/cracker exist to hack such accounts ?
No .You might get numberless free or preminum softwares which claim to crack email accounts.
The softwares just ask you to enter victim's email and start cracking/generating password.
I have already told you about two places where one's password is. From where the hell ,these softwares would bring passwords for you ? .
This kinda stuff is undoubtedly scam/rubbish.
Is there any free/premium online service to hack such accounts ?
No.You might have logged on to many websites that claim to crack any
email account for some amount of money.
They are completely fraud and be aware of them. Dont lose your money there !!
An Other type of fraud- You might have come across many tutorials/videos that instruct you
to compose an email to something@something.com.
You are asked to write victim's email ID, your
email ID, your password and are assured that you would get requested password within 24 hours.
Needless to say, it is an idea of befooling innocent people .
Ofcourse,your own account gets compromised.
Beleive me , you cant imagine the number of people who become victim of such rubbish things
They
lose their money,time,accounts but get nothing in return. So take care.
How to hack these accounts ?
Every method directly/indirectly involve victim's carelessness/lack of knowledge.
Non-Technical-
While signing up for an account, we are asked to set a security question like our nickname,
birthday place etc so that we could recover our account in case we forget our password.
Many innocent people sets the correct asnwer which they are not supposed to do.
Gather some information about victim and try to guess the answer of security question.
Technical-
1. Phishing- The most common way of hacking them is phishing.
The common type of phishing is Fake Login Page.
The victim is anyhow anyway made to enter his credentials in fake login page which resembles the genuine login page and gets hacked.
2.Malicious files- The victim is given a malicious file.
It could be binded with or hidden behind a genuine file.
It is usually a keylogger or trojan.
A keylogger secretly records everything you type and sends to attacker.
Obviously records your passwords too.
3.Stealing Sessions- Talking in simple language, whenever we sign into an account it generates a unique piece of string.
One copy is saved on server and other in our browser as cookie.
Both are matched everytime we do anything in our account.
This piece of string or login session is destroyed when we click on 'Sign Out' option.
An attacker can steal that session by convincing victim to run a piece of code in browser.
Attacker can use that stolen session to login into victim's account without providing any username/password. This attack is very uncommon because when the victim clicks 'Sign out' ,
session gets destroyed and attacker too also gets signed out.
Note-You might be thinking that one could sniff the credentials sitting in same network.
But I should remind you that,
they would be encrypted ones and cracking the SSL encryption is almost impossible
No comments:
Post a Comment
if you are facing any problem comment here